Trust Assessment
wacli received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Obfuscated Command Execution from Untrusted Source, Unpinned Dependency in Go Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/wacli-w3y/SKILL.md:10 | |
| CRITICAL | Obfuscated Command Execution from Untrusted Source The skill's installation instructions for MacOS contain a base64-encoded command that, when decoded, downloads and executes a script from an arbitrary IP address (91.92.242.30) via `curl | bash`. This constitutes a severe command injection vulnerability and a hidden instruction, as it allows for the execution of arbitrary, untrusted code on the user's system without clear visibility or control. This is a critical supply chain risk. Remove the obfuscated command. If external setup is required, provide clear, auditable, and secure installation steps, preferably from trusted package managers or official repositories, without direct execution of arbitrary scripts from unknown IP addresses. Ensure all external dependencies are explicitly declared and their integrity can be verified. | LLM | SKILL.md:13 | |
| HIGH | Unpinned Dependency in Go Installation The Go installation instruction uses `@latest` for the module `github.com/steipete/wacli/cmd/wacli`. This means the skill will always fetch the latest version of the dependency, which can introduce breaking changes, security vulnerabilities, or even malicious code if the upstream repository is compromised, without explicit review or control. Pin the Go module dependency to a specific version (e.g., `@v1.2.3`) to ensure deterministic builds and prevent unexpected changes or supply chain attacks from upstream updates. Regularly review and update the pinned version as needed. | LLM | SKILL.md:1 | |
| MEDIUM | Potential Data Exfiltration via File Sending Capability The `wacli send file` command allows the skill to send arbitrary files from the local filesystem to WhatsApp contacts. If the LLM is not carefully constrained, a malicious prompt could instruct the skill to exfiltrate sensitive files (e.g., configuration files, user data, credentials) from the system. Additionally, the skill notes that `~/.wacli` is used for storage, which may contain sensitive WhatsApp data that could be targeted for exfiltration. Implement strict input validation and access controls for the `wacli send file` command. Ensure the LLM is explicitly instructed and constrained to only send files from approved directories or with explicit user confirmation. Monitor and log file sending activities. Consider sandboxing the skill's file access to prevent access to sensitive system directories. | LLM | SKILL.md:46 |
Scan History
Embed Code
[](https://skillshield.io/report/b466451e003ee212)
Powered by SkillShield